DisableObjectFilter is a sandbox setting in Sandboxie Ini available since v1.0.0 / 5.55.0. This setting disables the object filtering mechanism, allowing sandboxed processes to bypass object access restrictions and directly interact with processes, threads, and other system objects outside the sandbox.
Note
Object filtering requires global activation via EnableObjectFiltering=y in the [GlobalSettings] section. When globally enabled, individual sandboxes can disable it using DisableObjectFilter=y.
[DefaultBox]
DisableObjectFilter=y

DisableObjectFilter=<y/n>

Where:
- y disables object filtering for this sandbox
- n (default) maintains object filtering when globally enabled
Warning
This setting disables driver-level enforcement of object access restrictions. Malicious software can potentially bypass these protections through various techniques including code injection, API hooking, or direct system calls, making this setting unsuitable for untrusted applications.
DisableObjectFilter is automatically enabled when:
- NoSecurityFiltering is set in Application Compartment mode [1].

Related settings:
- DisableFileFilter: Disables only file system filtering.
- DisableKeyFilter: Disables only registry filtering.
- NoSecurityFiltering: Disables all filtering in Application Compartment mode.
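An added example, not part of the Sandboxie documentation or code base: a small audit that reads Sandboxie.ini text and reports, per sandbox, whether object filtering is off and why, using the rules stated above. The sample configuration is constructed. It assumes that Application Compartment mode is selected with NoSecurityIsolation=y and that sections named UserSettings_* and Template_* are not sandboxes, neither of which is stated on this page.

```python
# Added example (not Sandboxie code): report boxes where object filtering is off.
SAMPLE_INI = """\
[GlobalSettings]
EnableObjectFiltering=y
[DefaultBox]
Enabled=y
[BrowserBox]
DisableObjectFilter=y
[CompartmentBox]
NoSecurityIsolation=y
NoSecurityFiltering=y
[HalfBox]
NoSecurityFiltering=y
"""  # constructed sample; box names other than DefaultBox are hypothetical

def parse_ini(text):
    """Return {section: {lowercased key: last value}}; '#' comment keys never match."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.strip()
    return sections

def is_yes(settings, key):
    return settings.get(key.lower(), "n").lower() == "y"

def audit(text):
    """Map each box to the reason object filtering is off, or None when it is on."""
    ini = parse_ini(text)
    # Following the page: filtering is active only with EnableObjectFiltering=y.
    global_on = is_yes(ini.get("GlobalSettings", {}), "EnableObjectFiltering")
    report = {}
    for name, box in ini.items():
        if name == "GlobalSettings" or name.startswith(("UserSettings_", "Template_")):
            continue  # assumption: these sections are not sandboxes
        if not global_on:
            report[name] = "EnableObjectFiltering is not y"
        elif is_yes(box, "DisableObjectFilter"):
            report[name] = "DisableObjectFilter=y"
        # Assumption: NoSecurityIsolation=y selects Application Compartment mode.
        elif is_yes(box, "NoSecurityIsolation") and is_yes(box, "NoSecurityFiltering"):
            report[name] = "NoSecurityFiltering=y in Application Compartment mode"
        else:
            report[name] = None
    return report
```

HalfBox stays filtered because NoSecurityFiltering only implies DisableObjectFilter in Application Compartment mode.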
Footnotes
1. Object filter control in process.c: The setting proc->disable_object_flt = no_filtering || Conf_Get_Boolean(proc->box->name, L"DisableObjectFilter", 0, FALSE) allows DisableObjectFilter to completely bypass object filtering either independently or as part of NoSecurityFiltering in Application Compartment mode.